Active Directory Security Groups: Difference between revisions
No edit summary |
|||
| (11 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
===Create Template User=== | ===Create Template User=== | ||
1. Open the User Editor | 1. Open the User Editor in the [https://www.tracsflorida.org/wiki/index.php?title=Configuration_Manager Configuration Manager]. | ||
2. Click the Add User button. | 2. Click the Add User button. | ||
| Line 9: | Line 9: | ||
- User ID: The User ID must be set to #AD_TEMPLATE_USER#. | - User ID: The User ID must be set to #AD_TEMPLATE_USER#. | ||
- Location Name:The default location that you want to be applied when a new user is added to TraCS. | - Location Name: The default location that you want to be applied when a new user is added to TraCS. | ||
- Enterprise Defaults ID: Generic | |||
- Encryption Key: The default encryption key to apply to new TraCS users. Defaults to UniversalKey. | - Encryption Key: The default encryption key to apply to new TraCS users. Defaults to UniversalKey. | ||
===Update Database Connection Settings=== | ===Update Database Connection Settings=== | ||
| Line 34: | Line 35: | ||
8. Apply settings in the editor and restart the application pool once complete. | 8. Apply settings in the editor and restart the application pool once complete. | ||
===Update TraCS Settings.ini=== | |||
===Settings=== | |||
File path/name: C:\ProgramData\TraCS\Settings\Settings.ini | File path/name: C:\ProgramData\TraCS\Settings\Settings.ini | ||
| Line 43: | Line 43: | ||
[[Image: ADMobileSettings.jpg]] | [[Image: ADMobileSettings.jpg]] | ||
Office Units (web servers) must have LoginType=ActiveDirectory | |||
Office Units (servers) must have LoginType=ActiveDirectory | |||
*If changing a web server's log in type you must restart the application pool | *If changing a web server's log in type you must restart the application pool | ||
[[Image: ADOfficeSettings.jpg]] | [[Image: ADOfficeSettings.jpg]] | ||
===Active Directory Groups=== | ===Active Directory Groups=== | ||
Create | ====Create AD Groups==== | ||
'''Create the following groups in Active Directory (AD):''' | |||
TraCS Records | TraCS Records<br>TraCS Reporter<br>TraCS RecordsDataEntry<br>TraCS Supervisor<br>TraCS System Admin<br>TraCSAccessLevelRecords<br>TraCSAccessLevelReporter<br>TraCSAccessLevelRecordsDataEntry<br>TraCSAccessLevelSupervisor<br>TraCSAccessLevelSystemAdmin<br>TraCSAUAll Users_Records<br>TraCSAUAll Users_Reporter<br>TraCSAUAll Users_RecordsDataEntry<br>TraCSAUAll Users_Supervisor<br>TraCSAUAll Users_SystemAdmin<br>TraCSGroupAll Users<br>TraCSLogin | ||
====Add Existing Users to AD Group==== | |||
'''Existing AD Users (or existing AD groups) will be a member of one of these AD Security Groups:''' | |||
TraCS Supervisor | TraCS Records<br>TraCS Reporter<br>TraCS RecordsDataEntry<br>TraCS Supervisor<br>TraCS System Admin | ||
====AD Group Membership==== | |||
Each of these TraCS AD Security groups will be a member of: | |||
Each of these TraCS AD Security groups will be a member of | |||
'''TraCS Records''' | '''TraCS Records''' | ||
| Line 114: | Line 71: | ||
''Member of:'' | ''Member of:'' | ||
TraCSAccessLevelRecords | TraCSAccessLevelRecords<br>TraCSGroupAll Users<br>TraCSLogin<br>TraCSAUAll Users_Records<br> | ||
TraCSGroupAll Users | |||
TraCSLogin | |||
TraCSAUAll Users_Records | |||
'''TraCS Reporter''' | '''TraCS Reporter''' | ||
| Line 127: | Line 77: | ||
''Member of:'' | ''Member of:'' | ||
TraCSAccessLevelReporter | TraCSAccessLevelReporter<br>TraCSGroupAll Users<br>TraCSLogin<br>TraCSAUAll Users_Records | ||
'''TraCS RecordsDataEntry''' | |||
''Member of:'' | ''Member of:'' | ||
TraCSAccessLevelRecordsDataEntry | TraCSAccessLevelRecordsDataEntry<br>TraCSAccessLevelRecordsDataEntry<br>TraCSGroupAll Users<br>TraCSLogin<br>TraCSAUAll Users_RecordsDataEntry | ||
TraCSAccessLevelRecordsDataEntry | |||
TraCSGroupAll Users | |||
TraCSLogin | |||
TraCSAUAll Users_RecordsDataEntry | |||
'''TraCS Supervisors''' | '''TraCS Supervisors''' | ||
| Line 155: | Line 89: | ||
''Member of:'' | ''Member of:'' | ||
TraCSAccessLevelRecords | TraCSAccessLevelRecords<br>TraCSAccessLevelReporter<br>TraCSAccessLevelCitationReporter<br>TraCSAccessLevelWarningReporter<br>TraCSAccessLevelSupervisor<br>TraCSGroupAll Users<br>TraCSLogin<br>TraCSAUAll Users_Records<br>TraCSAUAll Users_Reporter<br>TraCSAUAll Users_Supervisor | ||
TraCSAccessLevelReporter | |||
TraCSAccessLevelCitationReporter | |||
TraCSAccessLevelWarningReporter | |||
TraCSAccessLevelSupervisor | |||
TraCSGroupAll Users | |||
TraCSLogin | |||
TraCSAUAll Users_Records | |||
TraCSAUAll Users_Reporter | |||
TraCSAUAll Users_Supervisor | |||
'''TraCS SystemAdmin''' | '''TraCS SystemAdmin''' | ||
| Line 184: | Line 95: | ||
''Member of:'' | ''Member of:'' | ||
TraCSAccessLevelRecords | TraCSAccessLevelRecords<br>TraCSAccessLevelReporter<br>TraCSAccessLevelSupervisor<br>TraCSAccessLevelSystemAdmin<br>TraCSGroupAll Users<br>TraCSLogin<br>TraCSAUAll Users_Records<br>TraCSAUAll Users_Reporter<br>TraCSAUAll Users_Supervisor<br>TraCSAUAll Users_SystemAdmin | ||
====Sample User (Records)==== | |||
[[File:ADSampleUser.png]] | |||
Latest revision as of 14:58, 12 December 2024
Create Template User
1. Open the User Editor in the Configuration Manager.
2. Click the Add User button.
3. Configure the following properties for the user:
- User ID: The User ID must be set to #AD_TEMPLATE_USER#.
- Location Name: The default location that you want to be applied when a new user is added to TraCS.
- Enterprise Defaults ID: Generic
- Encryption Key: The default encryption key to apply to new TraCS users. Defaults to UniversalKey.
Update Database Connection Settings
TraCS staff will have to do this for you on your Web server.
1. Add a connection string called 'Active Directory' under Other
2. Enter LDAP string like 'ldap://domainservername'
3. Set the LoginGroup to 'TraCSLogin'
4. Access Levels set to 'True'
5. Associated Users set to 'True'
6. User Groups set to 'False'
7. You may or may not need to enter log in credentials.
8. Apply settings in the editor and restart the application pool once complete.
Update TraCS Settings.ini
File path/name: C:\ProgramData\TraCS\Settings\Settings.ini
Mobile Units must have LoginType=ActiveDirectoryPrompt
Office Units (web servers) must have LoginType=ActiveDirectory
- If changing a web server's log in type you must restart the application pool
Active Directory Groups
Create AD Groups
Create the following groups in Active Directory (AD):
TraCS Records
TraCS Reporter
TraCS RecordsDataEntry
TraCS Supervisor
TraCS System Admin
TraCSAccessLevelRecords
TraCSAccessLevelReporter
TraCSAccessLevelRecordsDataEntry
TraCSAccessLevelSupervisor
TraCSAccessLevelSystemAdmin
TraCSAUAll Users_Records
TraCSAUAll Users_Reporter
TraCSAUAll Users_RecordsDataEntry
TraCSAUAll Users_Supervisor
TraCSAUAll Users_SystemAdmin
TraCSGroupAll Users
TraCSLogin
Add Existing Users to AD Group
Existing AD Users (or existing AD groups) will be a member of one of these AD Security Groups:
TraCS Records
TraCS Reporter
TraCS RecordsDataEntry
TraCS Supervisor
TraCS System Admin
AD Group Membership
Each of these TraCS AD Security groups will be a member of:
TraCS Records
Member of:
TraCSAccessLevelRecords
TraCSGroupAll Users
TraCSLogin
TraCSAUAll Users_Records
TraCS Reporter
Member of:
TraCSAccessLevelReporter
TraCSGroupAll Users
TraCSLogin
TraCSAUAll Users_Records
TraCS RecordsDataEntry
Member of:
TraCSAccessLevelRecordsDataEntry
TraCSAccessLevelRecordsDataEntry
TraCSGroupAll Users
TraCSLogin
TraCSAUAll Users_RecordsDataEntry
TraCS Supervisors
Member of:
TraCSAccessLevelRecords
TraCSAccessLevelReporter
TraCSAccessLevelCitationReporter
TraCSAccessLevelWarningReporter
TraCSAccessLevelSupervisor
TraCSGroupAll Users
TraCSLogin
TraCSAUAll Users_Records
TraCSAUAll Users_Reporter
TraCSAUAll Users_Supervisor
TraCS SystemAdmin
Member of:
TraCSAccessLevelRecords
TraCSAccessLevelReporter
TraCSAccessLevelSupervisor
TraCSAccessLevelSystemAdmin
TraCSGroupAll Users
TraCSLogin
TraCSAUAll Users_Records
TraCSAUAll Users_Reporter
TraCSAUAll Users_Supervisor
TraCSAUAll Users_SystemAdmin
Sample User (Records)
